Já bych taky prosil o zkontrolování

[KinyoLG]

Já bych taky prosil o zkontrolování



Logfile of HijackThis v1.99.1
Scan saved at 16:11:38, on 11.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Svátky a výročí\Vyroci.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martin\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\TRANSLAT\WEBIE.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "D:\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svátky a výročí] D:\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [OM_Monitor] D:\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MuchTV Remote.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{702812E9-D3FF-4483-B0CE-FC98A7274E66}: NameServer = 217.197.152.135,213.167.144.4
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


/Příště stačí jeden příspěvek, ne dva a ještě do jiného tématu
/mijaja

[Reklama]

[mijaja]

Stáhni a nainstaluj si plnohodnotný firewall - na ten wokenní moc nespoléhej.
Nainstaluj si bezpečnější alternativní prohlížeč na surfování vedle Internet Exploreru.

Tyhle programy najdi a zkontroluj na Jottiscanu:

C:\Program Files\GameFace Messenger\GameFace.exe
C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3B A2D1BDAE99}\ATR1.exe
D:\OLYMPUS\OLYMPUS Master\Monitor.exe - napiš co Jotti našel a podle toho budeme pokračovat.

V Taskmanageru (CTRL+ALT+DEL - záložka Procesy - tlačítko Ukončit proces) zastav procesy:

C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\QuickTime\qttask.exe

Až to budeš mít, spusť znovu HijackThis a zaškrtni v něm okénka před řádky:

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
po zaškrtnutí klikni na FixChecked

[fredik]

Odinstaloval bych ten Megaupload Toolbar může být potencionálně nebezpečný.

Ukonči v TaskManageru (zmáčkni zároveň klávesy ctrl+alt+delete) otevře se ti okno a v něm se přepni na záložku Procesy a v ní ukonči:
realsched.exe
jusched.exe
qttask

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

po zaškrtnutí klikni na FixChecked

Tento soubor zkus otestovat na VirusTotall
C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
a dej sem výsledek.

Bylo by dobré si doinstalovat Firewall pro lepší zabezpečení protože ten co je ve Windows není dostačující a plnohodnotný (doporučil bych ti asi Kerio - je v češtině). Více k firewallu najdeš zde:
Možná by stálo za to pouvažovat nad používáním alternativních prohlížečů (Firefox nebo Opera) místo IE.

[alias75]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
Údajně to má být utilitka, která si hlídá, aby v IE nedošlo ke změně výchozího vyhledávače na něco jiného.

Každopádně konvenčně lze spouštění tohoto procesu vypnout v Options Google Toolbaru, na záložce More vypnout "Notify me on settings change" a "Set and keep Seach settings to Google". Tím dojde k odstranění spouštěcího klíče z registru (HKCU\Software\Microsoft\Windows\CurrentVersion\Run).

[KinyoLG]

Tak jsem udělal vše.Až na ty programy co jsem měl zkontrolovat.Nenašel jsem je?A vtom posledním příspěvku to mam taky vypnout?

[fredik]

Vlož sem nový log z HJT uvidíme.

[KinyoLG]

Logfile of HijackThis v1.99.1
Scan saved at 16:43:55, on 15.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Svátky a výročí\Vyroci.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MuchTV\tvrmvcr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\TRANSLAT\WEBIE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "D:\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svátky a výročí] D:\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [OM_Monitor] D:\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MuchTV Remote.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\TRANSLAT\WEBIE.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{702812E9-D3FF-4483-B0CE-FC98A7274E66}: NameServer = 217.197.152.135,213.167.144.4
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[fredik]

Zkus otestovat ještě ty zmíněné soubory, ale s tím rozdílem že je nebudeš vyhledávat ale přímo vložíš do toho okénka (co je vedle tlačítka Procházet) celý řádek postupně po jednom (modrý, zelený, červený). Otestuj to na VirusTotall a dej sem jejich výsledky.

C:\Program Files\GameFace Messenger\GameFace.exe

C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3B A2D1BDAE99}\ATR1.exe

D:\OLYMPUS\OLYMPUS Master\Monitor.exe

ještě fixni v HJT
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

[KinyoLG]

C:\Program Files\GameFace Messenger\GameFace.exe


Antivirus Version Update Result
AntiVir 7.3.0.15 12.15.2006 no virus found
Authentium 4.93.8 12.14.2006 no virus found
Avast 4.7.892.0 12.15.2006 no virus found
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 no virus found
CAT-QuickHeal 8.00 12.15.2006 no virus found
ClamAV devel-20060426 12.15.2006 no virus found
DrWeb 4.33 12.15.2006 no virus found
eSafe 7.0.14.0 12.14.2006 no virus found
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
F-Prot 3.16f 12.14.2006 no virus found
F-Prot4 4.2.1.29 12.14.2006 no virus found
Ikarus T3.1.0.26 12.15.2006 no virus found
Kaspersky 4.0.2.24 12.15.2006 no virus found
McAfee 4919 12.14.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.15.2006 no virus found
Prevx1 V2 12.15.2006 no virus found
Sophos 4.12.0 12.14.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.14.2006 no virus found
VBA32 3.11.1 12.14.2006 no virus found
VirusBuster 4.3.19:9 12.15.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709


C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3B A2D1BDAE99}\ATR1.exe


Antivirus Version Update Result
AntiVir 7.3.0.15 12.15.2006 no virus found
Authentium 4.93.8 12.14.2006 no virus found
Avast 4.7.892.0 12.15.2006 no virus found
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 no virus found
CAT-QuickHeal 8.00 12.15.2006 no virus found
ClamAV devel-20060426 12.15.2006 no virus found
DrWeb 4.33 12.15.2006 no virus found
eSafe 7.0.14.0 12.14.2006 no virus found
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
F-Prot 3.16f 12.14.2006 no virus found
F-Prot4 4.2.1.29 12.14.2006 no virus found
Ikarus T3.1.0.26 12.15.2006 no virus found
Kaspersky 4.0.2.24 12.15.2006 no virus found
McAfee 4919 12.14.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.15.2006 no virus found
Prevx1 V2 12.15.2006 no virus found
Sophos 4.12.0 12.14.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.14.2006 no virus found
VBA32 3.11.1 12.14.2006 no virus found
VirusBuster 4.3.19:9 12.15.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709


D:\OLYMPUS\OLYMPUS Master\Monitor.exe


Antivirus Version Update Result
AntiVir 7.3.0.15 12.15.2006 no virus found
Authentium 4.93.8 12.14.2006 no virus found
Avast 4.7.892.0 12.15.2006 no virus found
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 no virus found
CAT-QuickHeal 8.00 12.15.2006 no virus found
ClamAV devel-20060426 12.15.2006 no virus found
DrWeb 4.33 12.15.2006 no virus found
eSafe 7.0.14.0 12.14.2006 no virus found
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
F-Prot 3.16f 12.14.2006 no virus found
F-Prot4 4.2.1.29 12.14.2006 no virus found
Ikarus T3.1.0.26 12.15.2006 no virus found
Kaspersky 4.0.2.24 12.15.2006 no virus found
McAfee 4919 12.14.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.15.2006 no virus found
Prevx1 V2 12.15.2006 no virus found
Sophos 4.12.0 12.14.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.14.2006 no virus found
VBA32 3.11.1 12.14.2006 no virus found
VirusBuster 4.3.19:9 12.15.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[fredik]

Tak test nám nic neprozradil protože se ty soubory nenahrály, ale je divné že jsi žádný z těch tří souborů nenašel. Nic méně ten (OLYMPUS Master\Monitor.exe a \GameFace Messenger\GameFace.exe) by měli být asi v pořádku.

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Martin\Local Settings\Temp\{9914AFD2-83F3-41EC-9C48-30CAAB52D64F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

po zaškrtnutí klikni na FixChecked

Pro jistotu můžeš udělat a dát sem upravený log z Mwav, jinak log se zdá v pořádku.

[KinyoLG]

Snad jsem to udělal správně.Akorát že se tam píše že by měl odpovídat počet nalezených řádků s havětí s počtem řádků Total Critical Objects co u mě není pravda.Tak nevím.Jinak děkuji moc za pomoc!!!



Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken.
Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".002". Action Taken: No Action Taken.
Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".003". Action Taken: No Action Taken.
Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Film%20a%20video%20(prosim%20ukladejte%20do%20adresaru)/". Action Taken: No Action Taken.
Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Film%20a%20video%20(prosim%20ukladejte%20do%20adresaru)/Kult%20h%E1kov%E9ho%20k%F8%ED%9Ee/". Action Taken: No Action Taken.
Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Film%20a%20video%20(prosim%20ukladejte%20do%20adresaru)/Simpsonovi/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Film%20a%20video%20(prosim%20ukladejte%20do%20adresaru)/The%20fast%20and%20the%20furiors%20III/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Film%20a%20video%20(prosim%20ukladejte%20do%20adresaru)/The%20fast%20and%20the%20furiors%20III/CD1%20upload%20by%20wolker/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Games%20(prosim%20ukladejte%20do%20adresaru)/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".130/!!!%20Software%20(prosim%20ukladejte%20do%20adresaru)/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".91/Games%201/Command%20And%20Conquer%20Renegade/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".91/Games%201/Command%20And%20Conquer%20Tiberian%20Sun%20Firestorm/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".91/Games%201/Command%20And%20Conquer%20Tiberian%20Sun/". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acr". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".awl". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b3d". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".big". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cam". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cz/getAttachment?session=%04Q%94%9B9%C8A%EB%25hlp%8D%97t%06%9AkM%5B2%D7%94%2A%0DS%C7%3B%91%11%D9%9C%24f%D4%F04%C1%DD%F0%1AI%E8tb%E9p%06G%A6%9D%BDH%3A%FA%DAI%1D%3F%0E%F0%ED%F9%C3%1BK%DD%DC%FE%1A%E8%9". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cz/getAttachment?session=%04Q%94%9B9%C8A%EB%25hlp%8D%97t%06%9AkM%5B2%D7%94%2A%CC%C2X%82m%BAfW%24f%D4%F04%C1%DD%F0%1AI%E8tb%E9p%06G%A6%9D%BDH%3A%FA%DAI%1D%3F%0E%F0%ED%F9%C3%1BK%DD%DC%FE%1A%E8%9F%A4%0". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcm". Action Taken: No Action Taken.

Tue Dec 19 19:11:47 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dyc". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ecw". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".evt". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exh". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fdb". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fpx". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fsh". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gba". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsm". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icl". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ics". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ids". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".idx". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ima". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".imp". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iw44". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ixa". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".j2k". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp2". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpc". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpf". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpm". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kdc". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lang". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ldf". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lds". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lwf". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".md0". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nol". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pgm". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pmf". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ppm". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r30". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ras". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgb". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sff". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sgi". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".skn". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sxe". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".uha". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".upd". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".viv". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpm". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Checking Application Cache Entries...
Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Audioactive MP3 Decoder". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Cactus". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Call of Duty". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "iVideoCodec". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Safety Alerter 2006". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Zoner Photo Studio 8_is1". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4DECFC9F-2310-4C02-009A-B6758306EF00}". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4F62B1AE-E778-49E2-9C57-C1C65A122098}". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A8DE8C34-7F51-4cc8-B326-C425793EE741}". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ADE91A13-434D-4229-00BC-182BAD607303}". Action Taken: No Action Taken.

Tue Dec 19 19:11:48 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D0DC1674-B5E8-4364-009E-B350048DD006}". Action Taken: No Action Taken.
Tue Dec 19 19:12:37 2006 => Scanning File C:\WINDOWS\system32\netware.drv
Tue Dec 19 19:13:17 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\Temp\Spyware.sdb [**]
Tue Dec 19 19:13:43 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\FYZEGFKP\kingofwarez[1].gif [**]
Tue Dec 19 19:13:38 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\CPC30JGN\software[1].htm
Tue Dec 19 19:13:38 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\CPC30JGN\software[1].asp
Tue Dec 19 19:11:11 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\virus-bursters !!!
Tue Dec 19 19:12:11 2006 => File C:\WINDOWS\system32\f3PSSavr.scr tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
Tue Dec 19 19:13:32 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\CLQ7KT2V\virusbuster[1].gif [**]
Tue Dec 19 19:13:32 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\CLQ7KT2V\virusscan.jotti[1].htm
Tue Dec 19 19:13:45 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\FYZEGFKP\virus[1].gif [**]
Tue Dec 19 19:13:53 2006 => Scanning File C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1\Content.IE5\K5ML3TSL\antivir[1].png [**]

Tue Dec 19 19:14:32 2006 => ***** Scanning complete. *****

Tue Dec 19 19:14:32 2006 => Total Objects Scanned: 27705
Tue Dec 19 19:14:32 2006 => Total Critical Objects: 6
Tue Dec 19 19:14:32 2006 => Total Disinfected Objects: 0
Tue Dec 19 19:14:32 2006 => Total Objects Renamed: 0
Tue Dec 19 19:14:32 2006 => Total Deleted Objects: 0
Tue Dec 19 19:14:32 2006 => Total Errors: 134
Tue Dec 19 19:14:32 2006 => Time Elapsed: 00:04:07
Tue Dec 19 19:14:32 2006 => Virus Database Date: 12/16/2006
Tue Dec 19 19:14:32 2006 => Virus Database Count: 251300

[mijaja]

Zlikviduj soubor:

C:\WINDOWS\system32\f3PSSavr.scr

Vyprázdni složku C:\DOCUME~1\Martin\LOCALS~1\Temp - vše, co je v ní zlikviduj
u složky C:\DOCUME~1\Martin\LOCALS~1\TEMPOR~1 (Temporary Internet Files) postupuj stejně.

Tento klíč najdi a zlikviduj
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\virus-bursters